Autopsy  4.15.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
EventNode.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2011-2019 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.timeline.explorernodes;
20 
21 import java.lang.reflect.InvocationTargetException;
22 import java.text.MessageFormat;
23 import java.util.ArrayList;
24 import java.util.Collection;
25 import java.util.Collections;
26 import java.util.HashSet;
27 import java.util.List;
28 import java.util.logging.Level;
29 import javax.annotation.Nonnull;
30 import javax.swing.Action;
31 import org.joda.time.DateTime;
32 import org.joda.time.DateTimeZone;
33 import org.openide.nodes.Children;
34 import org.openide.nodes.PropertySupport;
35 import org.openide.nodes.Sheet;
36 import org.openide.util.NbBundle;
37 import org.openide.util.Utilities;
38 import org.openide.util.lookup.Lookups;
52 import org.sleuthkit.datamodel.AbstractFile;
53 import org.sleuthkit.datamodel.BlackboardArtifact;
54 import org.sleuthkit.datamodel.BlackboardAttribute;
55 import org.sleuthkit.datamodel.Content;
56 import org.sleuthkit.datamodel.SleuthkitCase;
57 import org.sleuthkit.datamodel.TskCoreException;
58 import org.sleuthkit.datamodel.TimelineEventType;
59 import org.sleuthkit.datamodel.TimelineEvent;
60 import org.sleuthkit.datamodel.TimelineLevelOfDetail;
61 
65 public class EventNode extends DisplayableItemNode {
66 
67  private static final Logger logger = Logger.getLogger(EventNode.class.getName());
68 
69  private final TimelineEvent event;
70 
80  EventNode(@Nonnull TimelineEvent event, @Nonnull Content file, @Nonnull BlackboardArtifact artifact) {
81  super(Children.LEAF, Lookups.fixed(event, file, artifact));
82  this.event = event;
83  TimelineEventType evenType = event.getEventType();
84  this.setIconBaseWithExtension(EventTypeUtils.getImagePath(evenType));
85  }
86 
93  EventNode(@Nonnull TimelineEvent event, @Nonnull Content file) {
94  super(Children.LEAF, Lookups.fixed(event, file));
95  this.event = event;
96  TimelineEventType evenType = event.getEventType();
97  this.setIconBaseWithExtension(EventTypeUtils.getImagePath(evenType));
98  }
99 
100  @Override
101  @NbBundle.Messages({
102  "NodeProperty.displayName.icon=Icon",
103  "NodeProperty.displayName.description=Description",
104  "NodeProperty.displayName.eventType=Event Type",
105  "NodeProperty.displayName.known=Known",
106  "NodeProperty.displayName.dateTime=Date/Time"})
107  protected Sheet createSheet() {
108  Sheet sheet = super.createSheet();
109  Sheet.Set properties = sheet.get(Sheet.PROPERTIES);
110  if (properties == null) {
111  properties = Sheet.createPropertiesSet();
112  sheet.put(properties);
113  }
114 
115  properties.put(new NodeProperty<>("icon", Bundle.NodeProperty_displayName_icon(), "icon", true)); // NON-NLS //gets overridden with icon
116  properties.put(new TimeProperty("time", Bundle.NodeProperty_displayName_dateTime(), "time ", getDateTimeString()));// NON-NLS
117  properties.put(new NodeProperty<>("description", Bundle.NodeProperty_displayName_description(), "description", event.getDescription(TimelineLevelOfDetail.HIGH))); // NON-NLS
118  properties.put(new NodeProperty<>("eventType", Bundle.NodeProperty_displayName_eventType(), "event type", event.getEventType().getDisplayName())); // NON-NLS
119 
120  return sheet;
121  }
122 
130  private String getDateTimeString() {
131  return new DateTime(event.getEventTimeInMs(), DateTimeZone.UTC).toString(TimeLineController.getZonedFormatter());
132  }
133 
134  @Override
135  @NbBundle.Messages({
136  "EventNode.getAction.errorTitle=Error getting actions",
137  "EventNode.getAction.linkedFileMessage=There was a problem getting actions for the selected result. "
138  + " The 'View File in Timeline' action will not be available."})
139  public Action[] getActions(boolean context) {
140  List<Action> actionsList = new ArrayList<>();
141  Collections.addAll(actionsList, super.getActions(context));
142 
143  /*
144  * If this event is derived from an artifact, add actions to view the
145  * source file and a "linked" file, if present.
146  */
147  final BlackboardArtifact artifact = getLookup().lookup(BlackboardArtifact.class);
148  final Content sourceFile = getLookup().lookup(Content.class);
149  if (artifact != null) {
150  try {
151  //find a linked file such as a downloaded file.
152  AbstractFile linkedfile = findLinked(artifact);
153  if (linkedfile != null) {
154  actionsList.add(ViewFileInTimelineAction.createViewFileAction(linkedfile));
155  }
156  } catch (TskCoreException ex) {
157  logger.log(Level.SEVERE, MessageFormat.format("Error getting linked file from blackboard artifact{0}.", artifact.getArtifactID()), ex); //NON-NLS
158  MessageNotifyUtil.Notify.error(Bundle.EventNode_getAction_errorTitle(), Bundle.EventNode_getAction_linkedFileMessage());
159  }
160 
161  //add the action to view the content in the timeline, only for abstract files ( ie with times)
162  if (sourceFile instanceof AbstractFile) {
163  actionsList.add(ViewFileInTimelineAction.createViewSourceFileAction((AbstractFile) sourceFile));
164  }
165  }
166 
167  //get default actions for the source file
168  List<Action> factoryActions = DataModelActionsFactory.getActions(sourceFile, artifact != null);
169  actionsList.addAll(factoryActions);
170  if (factoryActions.isEmpty()) { // if there were no factory supplied actions, at least add the tagging actions.
171  actionsList.add(AddBlackboardArtifactTagAction.getInstance());
174  }
175  actionsList.addAll(ContextMenuExtensionPoint.getActions());
176  }
177  return actionsList.toArray(new Action[actionsList.size()]);
178  }
179 
189  private static AbstractFile findLinked(BlackboardArtifact artifact) throws TskCoreException {
190  BlackboardAttribute pathIDAttribute = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID));
191  if (pathIDAttribute != null) {
192  long contentID = pathIDAttribute.getValueLong();
193  if (contentID != -1) {
194  return artifact.getSleuthkitCase().getAbstractFileById(contentID);
195  }
196  }
197  return null;
198  }
199 
200  @Override
201  public boolean isLeafTypeNode() {
202  return true;
203  }
204 
205  @Override
206  public <T> T accept(DisplayableItemNodeVisitor<T> dinv) {
207  throw new UnsupportedOperationException("Not supported yet."); // NON-NLS
208  }
209 
210  @Override
211  public String getItemType() {
212  return getClass().getName();
213  }
214 
219  final private class TimeProperty extends PropertySupport.ReadWrite<String> {
220 
221  private String value;
222 
223  @Override
224  public boolean canWrite() {
225  return false;
226  }
227 
228  TimeProperty(String name, String displayName, String shortDescription, String value) {
229  super(name, String.class, displayName, shortDescription);
230  setValue("suppressCustomEditor", Boolean.TRUE); // remove the "..." (editing) button NON-NLS
231  this.value = value;
232  TimeLineController.timeZoneProperty().addListener(timeZone -> {
233  try {
235  } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException ex) {
236  logger.log(Level.SEVERE, "Unexpected error setting date/time property on EventNode explorer node", ex); //NON-NLS
237  }
238  });
239 
240  }
241 
242  @Override
243  public String getValue() throws IllegalAccessException, InvocationTargetException {
244  return value;
245  }
246 
247  @Override
248  public void setValue(String newValue) throws IllegalAccessException, IllegalArgumentException, InvocationTargetException {
249  String oldValue = getValue();
250  value = newValue;
251  firePropertyChange("time", oldValue, newValue); // NON-NLS
252  }
253  }
254 
265  public static EventNode createEventNode(final Long eventID, EventsModel eventsModel) throws TskCoreException {
266 
267  SleuthkitCase sleuthkitCase = eventsModel.getSleuthkitCase();
268 
269  /*
270  * Look up the event by id and creata an EventNode with the appropriate
271  * data in the lookup.
272  */
273  final TimelineEvent eventById = eventsModel.getEventById(eventID);
274  Content file = sleuthkitCase.getContentById(eventById.getContentObjID());
275 
276  if (eventById.getArtifactID().isPresent()) {
277  BlackboardArtifact blackboardArtifact = sleuthkitCase.getBlackboardArtifact(eventById.getArtifactID().get());
278  return new EventNode(eventById, file, blackboardArtifact);
279  } else {
280  return new EventNode(eventById, file);
281  }
282  }
283 
284  private static boolean isExactlyOneArtifactSelected() {
285  final Collection<BlackboardArtifact> selectedArtifactsList
286  = new HashSet<>(Utilities.actionsGlobalContext().lookupAll(BlackboardArtifact.class));
287  return selectedArtifactsList.size() == 1;
288  }
289 }
static List< Action > getActions(File file, boolean isArtifactSource)
static synchronized AddBlackboardArtifactTagAction getInstance()
static synchronized DeleteFileBlackboardArtifactTagAction getInstance()
static EventNode createEventNode(final Long eventID, EventsModel eventsModel)
Definition: EventNode.java:265
static ViewFileInTimelineAction createViewSourceFileAction(AbstractFile file)
static ReadOnlyObjectProperty< TimeZone > timeZoneProperty()
static AbstractFile findLinked(BlackboardArtifact artifact)
Definition: EventNode.java:189
static void error(String title, String message)
synchronized static Logger getLogger(String name)
Definition: Logger.java:124
static String getImagePath(TimelineEventType type)
static ViewFileInTimelineAction createViewFileAction(AbstractFile file)

Copyright © 2012-2020 Basis Technology. Generated on: Mon Jul 6 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.